2 matches found
CVE-2024-52291
CraftCMS has a local file system validation bypass flaw (CVE-2024-52291) that can be triggered by a double file:// scheme to point the base filesystem at sensitive folders. The root cause stems from FileHelper::normalizePath only removing a leading file://, enabling bypass when a second file:// i...
CVE-2024-52291
creationtimestamp| type| source ---|---|--- 2024-11-13 00:30:48+00:00| published-proof-of-concept| https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q 2024-11-13 16:20:13+00:00| seen| https://infosec.exchange/users/cve/statuses/113476554741751320 2024-11-13 18:54:19+00:00| see...